Systems, devices, and methods for access control and identification of user devices

ABSTRACT

Systems, devices, and techniques that can provide access control and/or identification of user devices.

CROSS-REFERENCE TO RELATED APPLICATION

The present application is a divisional of U.S. patent application Ser.No. 15/813,136, filed Nov. 14, 2017, which is related to and claims thebenefit of U.S. Provisional Patent Application No. 62/421,770, filedNov. 14, 2016, the contents of each of which are incorporated herein byreference in their entirety.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings form part of the disclosure and areincorporated into the subject specification. The drawings illustrateexample embodiments of the disclosure and, in conjunction with thepresent description and claims, serve to explain at least in partvarious principles, features, or aspects of the disclosure. Certainembodiments of the disclosure are described more fully below withreference to the accompanying drawings. However, various aspects of thedisclosure can be implemented in many different forms and should not beconstrued as limited to the implementations set forth herein. Likenumbers refer to like, but not necessarily the same or identical,elements throughout.

FIG. 1 presents an example of an operational environment for accesscontrol and identification of user devices, according to one or moreembodiments of the present disclosure.

FIG. 1A presents an example of a server device for access control andidentification of user devices, according to one or more embodiments ofthe present disclosure.

FIG. 2 presents an example of a client device for access control andidentification of user devices, according to one or more embodiments ofthe present disclosure.

FIG. 3 presents an example of a radio unit in accordance with one ormore embodiments of the disclosure.

FIG. 4 presents an example of an operational environment foridentification of user devices, according to one or more embodiments ofthe disclosure.

FIG. 5 presents an example of another operational environment for accesscontrol and identification of user devices, according to one or moreembodiments of the disclosure.

FIG. 6 presents an example of a computing environment for access controland identification in accordance with one or more embodiments of thisdisclosure.

FIG. 7A presents an example of a method for generating an access rule inaccordance with one or more embodiments of the present disclosure.

FIG. 7B presents an example of a method for generating an access rule,according to one or more embodiments of the present disclosure.

FIG. 8 presents an example of a method for changing access rules,according to one or more embodiments of the present disclosure.

FIG. 9 presents an example of a method for exchanging contactinformation, according to one or more embodiments of the presentdisclosure.

FIG. 10 presents an example of a method for activating a client devicefor access control and identification, according to one or moreembodiments of the present disclosure.

FIG. 11 presents an example of a method for interaction between a clientdevice and a beacon device, according to one or more embodiments of thepresent disclosure.

FIG. 12 presents an example of a method for notifying a client device,according to one or more embodiments of the present disclosure.

FIG. 13 presents an example of a method for determining features fromdata associated with access control and identification, according to oneor more embodiments of the present disclosure.

FIG. 14 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 15 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 16 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 17 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 18 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 19 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 20 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 21 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 22 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 23 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 24 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 25 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 26 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 27 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 28 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 29 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 30 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 31 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 32 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 33 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 34 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 35 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 36 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 37 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 38 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 39 illustrates an example operation environment for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 40 illustrates views of a wall mount of a housing unit tied to anaccess control and identification system, according to one or moreembodiments of the present disclosure.

FIG. 41 illustrates views of a wall mount of a housing unit tied to anaccess control and identification, system according to an exemplaryembodiment of the present disclosure.

FIG. 42 illustrates views of a plate of a housing unit tied to an accesscontrol and identification system, according to an exemplary embodimentof the present disclosure.

FIG. 43 illustrates views of a scanner mount of a housing unit tied toan access control and identification system, according to an exemplaryembodiment of the present disclosure.

FIG. 44 illustrates views of a scanner mount of a housing unit tied toan access control and identification system, according to an exemplaryembodiment of the present disclosure.

FIG. 45 illustrates views of a housing unit tied to an access controland identification system, according to an exemplary embodiment of thepresent disclosure.

FIG. 46 illustrates views of a housing unit tied to an access controland identification system, according to an exemplary embodiment of thepresent disclosure.

FIG. 47 includes views of a housing unit tied to an access control andidentification system, according to an exemplary embodiment of thepresent disclosure.

FIG. 48 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 49 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 50 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 51 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 52 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

FIG. 53 illustrates an example of a user interface for access controland identification, according to one or more embodiments of the presentdisclosure.

DETAILED DESCRIPTION

Exemplary embodiments of the present disclosure provide for an improveddigital identification, networking, communication, and security system,devices, and methods. Embodiments of the disclosure can be utilized as atime-saving enterprise system including a multi-faceted mobile softwareapplication (“mobile app”) and a command and access control web app(“web app”). In various embodiments, the systems, devices, and methodsmay be configured as an “all-in-one” software application that may actas a comprehensive digital identification, networking, communication,and security system, as well as a communication, command, and controlsystem.

FIG. 1 presents an example of an operational environment 100 foridentification and safety and access control in accordance with one ormore embodiments of the disclosure. As is illustrated, the operationalenvironment 100 can include a first zone 102 a associated with a beacondevice 104 a. The first zone 102 a can be embodied in or can include adefined region secured by a locking device 106 a. The defined region caninclude a confined area indoors, a confined area outdoors, or a confinedarea that includes a combination of outdoors space and indoors space.The beacon device 104 a and the locking device 106 a can be functionallycoupled (e.g., electrically coupled, mechanically coupled, and/orelectromechanically coupled). The coupling can include wireless couplingand/or wireline coupling, and is represented by link(s) 107. The lockingdevice 104 a can be actuated to transition between a locked state and anunlocked state, thus unlocking or locking a gate, a door, a turnstile, apadlock, or another type of access structure. As such, the beacon device104 a and the locking device 106 a can be referred to collectively as apoint-of-entry device. In some embodiments, a zone (e.g., zone 102 a orzone 102 b) may not include a beacon device and, thus, the zone can beassociated exclusively with a locking device. In one of suchembodiments, the point-of-entry device can include the locking device(e.g., locking device 106 a), where the locking device can be configuredto exchange wireless signals with a mobile computing device according toone or more defined protocols of a radio technology (e.g., 3G, Long TermEvolution (LTE), LTE-Advanced, 5G, IEEE 802.11, IEEE 802.16, Bluetooth,ZigBee, or near-field communication (NFC)). As an example, the radiotechnology can include Bluetooth, and the locking device (e.g., lockingdevice 106 a) can include a Bluetooth locking pad.

The operational environment 100 also can include a second zone 102 bassociated with a beacon device 104 b. The second zone 102 b can beembodied in or can include a defined region secured by a locking device106 b. The defined region associated with the second zone 102 b also caninclude a confined area indoors, a confined area outdoors, or a confinedarea that includes a combination of outdoors space and indoors space.The second zone 102 b can be geographically distinct from the first zone102 a. The beacon device 104 a and the locking device 106 a can befunctionally coupled (e.g., electrically coupled, mechanically coupled,and/or electromechanically coupled). The coupling can include wirelesscoupling and/or wireline coupling, and is represented by link(s) 107.The locking device 104 b can be actuated to transition between a lockedstate and an unlocked state, thus unlocking or locking a gate, a door, apadlock, a turnstile, or another type of access structure. As such, thebeacon device 104 b and the locking device 106 b also can be referred tocollectively as a point-of-entry device. As described herein, in someembodiments, a zone (e.g., zone 102 a or zone 102 b) may not include abeacon device and, thus, the zone can be associated exclusively with alocking device. In one of such embodiments, the point-of-entry devicecan include the locking device (e.g., locking device 106 b), where thelocking device can be configured to exchange wireless signals with amobile computing device according to one or more defined protocols of aradio technology (e.g., 3G, Long Term Evolution (LTE), LTE-Advanced, 5G,IEEE 802.11, IEEE 802.16, Bluetooth, ZigBee, or near-field communication(NFC)). As an example, the radio technology can include Bluetooth, andthe locking device (e.g., locking device 106 a) can include a Bluetoothlocking pad.

The operational environment 100 also can include a server device 120 a.In one aspect, the server device 120 a and the beacon device 104 a canbe functionally coupled via at least one of the one or more network 130.The server device 120 a is associated with the beacon device 104 b. Theserver device 120 a also can be associated with one or more other beacondevices. For instance, in one embodiment, the server device 120 a can befunctionally coupled to beacon device 104 b.

The server device 120 a can configure a zone associated with apoint-of-entry device. To that end, in one aspect, the server device 120can generate a logical association between a beacon device and a regionspanned by the zone. Specifically, the server device 120 a can generatea logical association between the region spanned by the zone 102 a andone or more of the beacon device 104 b and the locking device 106 a. Theserver device 120 a also can generate a record of the logicalassociation. As is illustrated in FIG. 1, the server device 120 a can befunctionally coupled to one or more interface units 140 (represented asinterface unit 140). In some embodiments, the interface unit 140 can beembodied in or can include a computing device (e.g., a server device)that includes one or more APIs that permit the exchange of informationbetween the interface unit 140 and the server device 120 a. Therefore,the server device 120 a can utilize or otherwise leverage the interfaceunit 140 in order to retain a record of the logical association betweenzone 102 a and the beacon device 104 b and/or the locking device 106 a.Such a record can be retained in one or more memory devices 154(collectively referred to as zone information repository 154). Asmentioned, in some embodiments, the server device 120 a can befunctionally coupled to the zone 102 b and, thus, the server device 120a also can configure the zone 102 b.

In addition, the server device 120 a also can generate a user recordincluding first user information (e.g., a name an address, a role withinan organization, or the like) and a communication address, such as anemail address. In addition, the server device 120 a can generate anaccess rule using at least the user record, where the access rule canregulate entry to a zone (e.g., zone 102 a and/or, in some embodiments,zone 102 b). To that end, in some embodiments, the server device 120 acan generate a schedule for authorized entry to the zone, the schedulebeing one of a daily schedule having a recurring group of authorizedperiods over a 24 hour interval; a weekly schedule having a secondrecurring group of authorized periods over seven days; a monthlyschedule having a third recurring group of authorized periods over amonth; a defined non-recurring authorized period. Accordingly, in someinstances, the access rule can include a start time and an end time forauthorized access.

In addition or in other embodiments, to configure the access rule, theserver device 120 a can receive input information indicative of aschedule for authorized entry to a zone (e.g., zone 102 a and/or, insome embodiments, zone 102 b) and can generate the access rule using atleast the input information. In some instances, the input informationcan be input at a user interface, such as a graphical user interface(GUI), and can be sent to the server device 120 a. The server device 120a can validate the access rule. For instance, the server device 120 acan determine that the received schedule has logic integrity, e.g., anend time is later than a start time, times are adequate, and so forth.The server device 120 a also can utilize or otherwise leverage theinterface unit 140 to retain or store the access rule in one or morememory devices 156 (collectively referred to as access rule repository156).

In some embodiments, the server device 120 a can activate a user deviceto serve as access control instrument for a specific zone. For instance,the server device 120 can generate an activation code (e.g., a numericcode or an alphanumeric code), and can send the activation code to thecommunication address associated with a user record. In one of suchembodiments, the activation code can be received and displayed (orotherwise presented) at a user device 110, which can be embodied in orcan include a mobile computing device that can communicate wirelesslyaccording to one or more radio technologies (e.g., 3G, Long TermEvolution (LTE), LTE-Advanced, 5G, IEEE 802.11, IEEE 802.16, Bluetooth,ZigBee, or near-field communication (NFC)). Such a mobile computingdevice can have a defined form factor, and can be embodied in or caninclude a smartphone, tablet computer, a wearable device, a keyfob, apocket card, or the like.

In response to receiving the activation code, the user device 110 cangenerate user information including a telephone number or another typeof communication address (e.g., an email address) of the mobilecomputing device. To that end, in one embodiment, the user device 110can receive input information indicative or otherwise representative ofthe user information. More specifically, as described herein, the userdevice 110 also can include one or more identification units (notdepicted in FIG. 1) that can cause the user device 110 to display, via adisplay device or display unit, for example, a user interface thatincludes one or more selectable visual elements. At least one of theselectable visual element(s) can be fillable, and can permit orotherwise facilitate receiving input information at the user device 110.The user device 110 can communicate wirelessly with a beacon device orother types of devices. Wireless links can permit such communication.

The user device 110 can send, to the server device 120 a, the userinformation that includes a telephone number or another type ofcommunication address (e.g., an email address) of the mobile computingdevice. As is illustrated in FIG. 1, the user device 110 and the serverdevice 120 a can be functionally via coupled to one or more wirelesslinks 112, at least one of the network(s) 130, and one or more links124. The server device 120 a can receive such user information, and cangenerate a user profile using at least one of the user record associatedwith (e.g., that prompted transmission of) the activation code. In oneaspect, the user profile can include the telephone number (or anothertype of communication address) of the user device 110. The server device120 a can utilize or otherwise leverage the interface unit 140 in orderto retain a record of the user profile. Such a record can be retained inone or more memory devices 150 (collectively referred to as userrepository 154. More specifically, the user profile can retained in oneor more memory elements 151 (referred to as user profiles) which canembody or can constitute a database or another type of data structure.

The server device 120 a also can associate the access rule created forthe user record that is associated with the generated user profile. Suchan association can permit assigning or otherwise associating the accessrule (which also may be referred to as access right in this disclosure)to the user device 110. In one embodiment, to associate the access rulewith the user profile, the server device 120 a can define a relationshipbetween the user profile and the access rule. In addition or in anotherembodiment, to associate the access rule with the user profile, theserver device 120 a can update the user profile to include the accessrule. The server device 120 a also can generate an access key indicativeof a unique user identifier associated with the user profile. As such,the access key itself is unique. In some embodiments, the access key canbe embodied in or can include one of a linear barcode or a matrixbarcode (e.g., a QR code). In other embodiments, the access key can beembodied in or can include a unique code that can correspond to a radiotechnology that the user device 110 can utilized to transmit the uniquecode. In one example, the unique code can correspond to a code to betransmitted by means of Bluetooth radio technology. In another example,the unique code can correspond to a code to be transmitted by means ofnear field communication (NFC) radio technology. The disclosure is notlimited to Bluetooth or NCF radio technologies, and the access key canbe embodied in or can include a code that can be transmitted, by theuser device 110, via other radio technologies, e.g., ZigBee.

The server device 120 a can send an access key associated with a zone tothe communication address of the user device 110. For example, theaccess key can be associated with zone 102 a. In some embodiments, theserver device 120 a can generate a first access key for zone 120 a and asecond access key for zone 102 b, and can send the first access key andthe second access key to the user device 110. Access keys in accordancewith this disclosure can unlock respective locking devices associatedrespective zones. Thus, an access key can permit or otherwise facilitateaccess to a credentialed zone.

As is illustrated in FIG. 1, the operational environment 100 also caninclude a server device 120 b. In one aspect, the server device 120 aand the beacon device 104 a can be functionally coupled via at least oneof the one or more network 130. The server device 120 b is associatedwith the beacon device 104 b. While not illustrated in FIG. 1, in someembodiments, the server device 120 b also can be associated with one ormore other beacon devices. For instance, in one embodiment, the serverdevice 120 b can be associated with the beacon device 104 and therefore,zone 102 a. The server device 120 b can be have similar architecture tothat of the server device 120 a and can provide similar functionality.As such, in some embodiments, the server device 120 b also can generatean access key as described herein, and can send the access key to theuser device 110. The access key generated by the server device 120 b canbe associated with zone 102 b, and can permit or otherwise facilitateaccess to the zone 102 b in accordance with an access rule configuredfor a user profile associated with the user device 110, for the zone 102b.

Therefore, in one aspect, the server device 120 a and the server device120 b can serve as zone access controller devices (or regulator devices)that can grant respective types of access to respective zones for a userdevice. Accordingly, in one aspect, user devices (e.g., mobile computingdevices) can include access keys issued from different zone accesscontroller devices, the access keys providing the user devices withcredentialed access to different locations and/or devices (e.g., lockingdevices for rental car access, front door, checking in for anappointment with the dentist, etc.) while the user device utilizerespective identification units included therein.

Regardless the server device that configures a zone and/or generates anaccess key, the server device can provide a notification to one or moreuser devices (e.g., user device 110) that an access rule is configured.The one or more user devices are associated with a user profileassociated with the access key and/or the access rule. The notificationcan be directed to an initial configuration of the access rule or to asubsequent change to the access rule. More specifically, in someembodiments, a subsequent change to an access rule can be determined atone or more rules. In one example, the server device, e.g., serverdevice 120 a, can determine that an update rule is satisfied, and canupdate the access rule. In another example, the server device, e.g.,server device 120 a, can determine that a deletion rule is satisfied,and the server device can delete the access rule. A notification of achange to an access rule can be embodied in or can include a pushnotification. In order to provide the push notification, the serverdevice (e.g., server device 120 a or server device 120 b) can determineone or more communication addresses (e.g., telephone number, emailaddress, or the like) of respective one or more user devices (e.g.,mobile computing devices) associated with the user profile. In addition,in some embodiments, the server device can send a notification requestto a messaging system to deliver the push notification, where thenotification request can include including the one or more communicationaddresses. The messaging system can deliver the push notification. Inone of such embodiments, depending on the type of notification, themessaging system can be a third-party messaging system.

In embodiments in which a notification of an updated to an access ruleis embodied in or includes an email notification. The server device,e.g., server device 120 a or server device 120 b, that updates orotherwise configures the access rule can provide the email notification.To that end, in some aspects, the server device can determine an emailaddresses associated with a user profile associated with the updatedaccess rule, and can generate or otherwise compose the emailnotification. The server device, e.g., server device 120 a or serverdevice 120 b, also can send the email notification to the email address.

As described herein, one or more server devices (e.g., server device 120a and/or server device 120 b) can generate access keys can grant theaccess keys to the user device 110 or any other type of mobile computingdevice. In addition, the user device 110 can transmit first wirelesssignals and can receive second wireless signals according to one or moredefined protocols of a radio technology. To that, in some embodiments,the user device 110 can include a radio having one or more antennas anda communication processing unit. The one or more antennas can receivethe second wireless signals, and the communication processing unit canprocesses the second wireless signals. In some aspects, thecommunication processing unit can convert analog signals associated withthe second wireless signals into digital signal that can be furtherprocessed by the user device 110. Similarly, the communicationprocessing unit can process digital signals to generate the firstwireless signals, and the one or more antennas transmit the firstwireless signals. In some instances, the user device 110 can attempt toenter zone 102 a. To that end, in one aspect, the user device 110 can beproximate to the beacon device 104 a and can initiate the establishmentof a connection with the beacon device 104 a. After or upon establishingthe connection, the user device 110 can send an access key associatedwith the zone 102 a to the beacon device 104. The beacon device 104 acan process the access key (e.g., apply access logic) or can send theaccess key to the server device 120 a or another device to process thekey. In some instances, after or upon the access key is processed, thebeacon device 104 can determine that access to zone 102 a is to begranted. In response, the beacon device 104 can cause the locking device106 a to transition from a locked state to an unlocked state. The beacondevice 104 also can send, to the server device 120 a, for example, anindication of granted entry to zone 102 a. The server device 120 a canreceive the indication of granted entry to zone 102 a and, in someembodiments, can retain such an indication in the access recordrepository 152. In other embodiments, the server device 120 a cangenerate a record of access granted by using the indication, and canretain the record in the access record repository. The record caninclude a timestamp indicative of a date and/or time of the denial ofentry; an identifier for zone 102; an identifier of the user device 110or a user profile associated with the user device; a combinationthereof; or the like.

In addition or in other instances, after or upon the access key isprocessed, the beacon device 104 a can determine that access to zone 102a is to be denied. In response, the locking device 106 a can remain in alocked state. The beacon device 104 can send, to the server device 120a, for example, an indication of denied entry to zone 102 a. The serverdevice 120 a can receive the indication of denied entry to zone 102 aand, in some embodiments, can retain such an indication in the accessrecord repository 152. In other embodiments, the server device 120 a cangenerate a record of access denied by using the indication, and canretain the record in the access record repository. As mentioned, therecord can include a timestamp indicative of a date and/or time of thedenial of entry; an identifier for zone 102; an identifier of the userdevice 110 or a user profile associated with the user device; acombination thereof; or the like.

As described herein, the operational environment 100 also can includeone or more interface units 140 (represented as interface unit 140) thatcan be functionally coupled with the server device 120 a and/or theserver device 120 b. In one aspect, the interface unit 140 can beembodied in or can include a computing device (e.g., a server device)that includes one or more APIs that permit the exchange of informationbetween the interface unit 140 and the server device 120 a and/or theserver device 120 b. As is illustrated in FIG. 1, the interface unit 140also can be functionally coupled to various repositories, e.g., multiplememory devices (or storage devices), that can retain various informationassociated with end-users, access rules, zones, access records, and thelike. More specifically, in some embodiments, such repositories caninclude a user repository 150 that can retain one or more user profiles152. In addition or in other embodiments, the repositories can includean access record repository 152 that can retain records (or other typesof information) indicative of access attempts to zones by user devices(e.g., user device 110) and/or outcomes of the access attempts—e.g.,access granted or access denied. Such zones can be associated with oneor more server devices, such as server device 120 a and/or server device120 b. For instance, the access record repository 152 can includerecords (or other type of information) indicative of access attempts toenter zone 102 a and/or zone 102 b by user device 110. The informationretained in access record repository 152 can permit or otherwisefacilitate, amongst other things, the tracking of a user device withinzone(s)—either from a single organization or multiple organizationsassociated with the user device—thus providing clarity and record ofactions; legal defensibility; or the like. Further or in otherembodiments, the repositories can include a zone information repository154 that can retain information (e.g., data and/or metadata) indicativeor otherwise representative of one or more zones. For instance, theinformation can include first information indicative of beacon devicesassociated with respective zones. Still further or in yet otherembodiments, the repositories can include an access rule repository 156that can retain information indicative of access rules (e.g., a scheduleof permitted entry to a zone).

The server device 120 a and the sever device 120 b can implement thefunctionality described herein via identification unit(s) 122 a andidentification unit(s) 122 b. In some embodiments, as is illustrated inFIG. 1A, a server device 160 (which can embody or can include serverdevice 120 a or sever device 120 b) can include one or more memorydevices 164 having one or more access and identification components 166.The identification component(s) 166 can configure the server device 120b to provide the functionality described herein. In addition, inresponse to execution, the server device 120 b can implement orotherwise provide the various functionalities described herein. Theserver device 160 can include one or more processors 172 that canexecute the access and identification component(s) 166. In addition, theserver device 160 can include or can be coupled to a display unit 168that can present numerous interfaces that can permit administeringaccess rules, addition of user devices, removal of user devices, and thelike. In some aspects, as is illustrated in FIGS. 15, 16, 17, 18, 19,20, and 21. The server device 160 can permit monitoring recent activity,such as zones access activity and/or contact information exchange (e.g.,card exchanges). In addition, as is illustrated in FIGS. 24-25, theserver device 160 can permit create, controlling and terminating zoneaccess rights to zones controlled or otherwise configured by the serverdevice 160 or other server devices in accordance with aspects of thisdisclosure.

In other aspects, as is illustrated in FIGS. 22-23, the server device160 can permit viewing all employees or other end-users for which a userprofile is available within the user repository 150. The informationthat can be presented can include name, picture, email, department ifapplicable, address, fax number, and/or phone number.

In still other aspects, as is illustrate in FIG. 24, the server device160 can permit managing employees. For example the server device 160 canpermit sending and updating access rights, deactivating user mobiledevices, terminating zone access, uploading business cards foremployees/users, and view employee's recent activity. In one aspect, amanager device can deactivate the user's zone access at any time byelecting an option to “deactivate device”. The manager may also managethe user's access rights.

In other aspects, the server device 160 also can permit adding andcreating employees/users and define their access levels to zones. See,for example, FIG. 21. In addition, as is illustrated in FIG. 23, theserver device 160 can permit creating roles for employees/users withinan organization that leverages or otherwise utilizes the server devicesin accordance with this disclosure. Similarly, as is illustrated in FIG.25, the server device 160 can permit creating departments foremployees/users within an organization that leverages or otherwiseutilizes the server devices in accordance with this disclosure. Furtheras describe herein, the server device 160 can permit or otherwisefacilitate zone creation and defining zone access rights. In addition,the server device also can permit, via at least a user interface,editing company settings and/or adding new managers authorized tooperate the web app. Further, in some aspects, as is illustrated inFIGS. 28-27, the server device 160 can permit or otherwise facilitatesending messages to employees/clients mobile devices directly via SMStext message. Furthermore, as is also illustrated in FIGS. 27-28, thesever device 160 can generate access key for new user devices. Upon orOnce a new user's profile has been created, the manager may send theaccess code to that individual's mobile device, activating all of theiraccess keys to specified zones.

In addition, the server device 160 also can permit to login to accessvarious functionalities remotely. Thus, the server device 160 can permitan end-user to log into a portal provide by the server device 160.

FIG. 2 illustrates an example of a client device 210 for access controland identification, according to one or more embodiments of thisdisclosure. The client device 210 can include one or more input/output(I/O) units 202 that can permit or otherwise facilitate receiving inputinformation at the client device 210. To that end, in one embodiment,the I/O interface unit(s) 202 can include a display unit 204. Inaddition or in another embodiment, the client device 210 can include anaudio input unit and an audio output unit (collectively referred to asaudio I/O unit(s) 206. Further or in yet other embodiments, the clientdevice 210 can include one or more camera modules 210. At least one ofthe camera module(s) 210 can permit or otherwise facilitate collectinginformation by focusing on an object (e.g., an image displayed onanother client device) and generating a digital image of at least aportion of the object.

The client device 210 also can include a wireless scanning unit 208 thatcan generate pilot signals (e.g., beacon signals) that can betransmitted wirelessly, for example, by means of a radio unit 220 (alsoreferred to as radio 220). To that end, the radio unit 220 can includeone or more antennas 222 functionally coupled to a multi-modecommunication processing unit 324. The radio unit 210, via themulti-mode communication processing unit 224, can process the pilotsignals according to one or more defined protocols of a radiotechnology. The radio technology can include, for example, 3G, Long TermEvolution (LTE), LTE-Advanced, 5G, IEEE 802.11, IEEE 802.16, Bluetooth,ZigBee, or near-field communication (NFC), or the like. At least one ofthe antenna(s) 222 can send wirelessly the processed pilot signals. Asis illustrated in FIG. 3, in some embodiments, the radio unit 220 caninclude the antenna(s) 222, and one or more transmitters and one or morereceivers, collectively referred to as transceiver(s) 310. In addition,the radio unit 220 can include a multiplexer/demultiplexer 320, acoder/decoder (codec) unit 330, and a modulator/demodulator (modem) unit340. More specifically, in certain embodiments, the antenna(s) 222 canbe embodied in or can include directional or omnidirectional antennas,including, for example, dipole antennas, monopole antennas, patchantennas, loop antennas, microstrip antennas or other types of antennassuitable for transmission of RF signals. In addition, or in otherembodiments, at least some of the antenna(s) 222 can be physicallyseparated to leverage spatial diversity and related different channelcharacteristics associated with such diversity. In addition or in otherembodiments, the multi-mode communication processing unit 224 canprocess at least wireless signals in accordance with one or more radiotechnology protocols and/or modes (such as MIMO,single-input-multiple-output (SIMO), multiple-input-single-output(MISO), and the like. Each of such protocol(s) can be configured tocommunicate (e.g., transmit, receive, or exchange) data, metadata,and/or signaling over a specific air interface. The one or more radiotechnology protocols can include 3.sup.rd Generation Partnership Project(3GPP) Universal Mobile Telecommunication System (UMTS); 3GPP Long TermEvolution (LTE); LTE Advanced (LTE-A); Wi-Fi protocols, such as those ofthe Institute of Electrical and Electronics Engineers (IEEE) 802.11family of standards; Worldwide Interoperability for Microwave Access(WiMAX); radio technologies and related protocols for ad hoc networks,such as Bluetooth or ZigBee; other protocols for packetized wirelesscommunication; or the like). The multi-mode communication processingunit 224 also can process non-wireless signals (analogic, digital, acombination thereof, or the like). While illustrated as separate blocksin the computing device 210, it should be appreciated that in certainembodiments, at least a portion of the multi-mode communicationprocessing unit 224 and the communication unit 224 can be integratedinto a single unit (e.g., a single chipset or other type of solid statecircuitry).

In one embodiment, e.g., example embodiment shown in FIG. 3, themulti-mode communication processing unit 222 can comprise a set of oneor more transmitters/receivers 304, and components therein (amplifiers,filters, analog-to-digital (A/D) converters, etc.), functionally coupledto a multiplexer/demultiplexer (mux/demux) unit 308, amodulator/demodulator (mod/demod) unit 316 (also referred to as modem316), and a coder/decoder unit 312 (also referred to as codec 312). Eachof the transmitter(s)/receiver(s) can form respective transceiver(s)that can transmit and receive wireless signal (e.g., electromagneticradiation) via the one or more antennas 222. It should be appreciatedthat in other embodiments, the multi-mode communication processing unit224 can include other functional elements, such as one or more sensors,a sensor hub, an offload engine or unit, a combination thereof, or thelike.

Electronic components and associated circuitry, such as mux/demux unit308, codec 312, and modem 316 can permit or facilitate processing andmanipulation, e.g., coding/decoding, deciphering, and/ormodulation/demodulation, of signal(s) received by the computing device210 and signal(s) to be transmitted by the computing device 210. In oneaspect, as described herein, received and transmitted wireless signalscan be modulated and/or coded, or otherwise processed, in accordancewith one or more radio technology protocols. Such radio technologyprotocol(s) can include 3GPP UMTS; 3GPP LTE; LTE-A; Wi-Fi protocols,such as the IEEE 802.11 family of standards (IEEE 802.ac, IEEE 802.ax,and the like); WiMAX; radio technologies and related protocols for adhoc networks, such as Bluetooth or ZigBee; other protocols forpacketized wireless communication; or the like. The electroniccomponents in the described communication unit, including the one ormore transmitters/receivers 304, can exchange information (e.g., data,metadata, code instructions, signaling and related payload data,combinations thereof, or the like) through a bus 314, which can embodyor can comprise at least one of a system bus, an address bus, a databus, a message bus, a reference link or interface, a combinationthereof, or the like. Each of the one or more receivers/transmitters 304can convert signal from analog to digital and vice versa. In addition orin the alternative, the receiver(s)/transmitter(s) 304 can divide asingle data stream into multiple parallel data streams, or perform thereciprocal operation. Such operations may be conducted as part ofvarious multiplexing schemes. As illustrated, the mux/demux unit 308 isfunctionally coupled to the one or more receivers/transmitters 304 andcan permit processing of signals in time and frequency domain. In oneaspect, the mux/demux unit 308 can multiplex and demultiplex information(e.g., data, metadata, and/or signaling) according to variousmultiplexing schemes such as time division multiplexing (TDM), frequencydivision multiplexing (FDM), orthogonal frequency division multiplexing(OFDM), code division multiplexing (CDM), or space division multiplexing(SDM). In addition or in the alternative, in another aspect, themux/demux unit 308 can scramble and spread information (e.g., codes)according to most any code, such as Hadamard-Walsh codes, Baker codes,Kasami codes, polyphase codes, and the like. The modem 316 can modulateand demodulate information (e.g., data, metadata, signaling, or acombination thereof) according to various modulation techniques, such asfrequency modulation (e.g., frequency-shift keying), amplitudemodulation (e.g., Q-ary quadrature amplitude modulation (QAM), with Q apositive integer; amplitude-shift keying (ASK)), phase-shift keying(PSK), and the like). In addition, processor(s) that can be included inthe computing device 310 (e.g., processor(s) included in the radio unit224 or other functional element(s) of the computing device 210) canpermit processing data (e.g., symbols, bits, or chips) formultiplexing/demultiplexing, modulation/demodulation (such asimplementing direct and inverse fast Fourier transforms), selection ofmodulation rates, selection of data packet formats, inter-packet times,and the like.

The codec 312 can operate on information (e.g., data, metadata,signaling, or a combination thereof) in accordance with one or morecoding/decoding schemes suitable for communication, at least in part,through the one or more transceivers formed from respectivetransmitter(s)/receiver(s) 304. In one aspect, such coding/decodingschemes, or related procedure(s), can be retained as a group of one ormore computer-accessible instructions (computer-readable instructions,computer-executable instructions, or a combination thereof) in one ormore memory devices 240 (referred to as memory 240). In a scenario inwhich wireless communication among the computing device 210 and anothercomputing device (e.g., a station or other type of user equipment)utilizes MIMO, MISO, SIMO, or SISO operation, the codec 312 canimplement at least one of space-time block coding (STBC) and associateddecoding, or space-frequency block coding (SFBC) coding and associateddecoding. In addition or in the alternative, the codec 312 can extractinformation from data streams coded in accordance with spatialmultiplexing scheme. In one aspect, to decode received information(e.g., data, metadata, signaling, or a combination thereof), the codec312 can implement at least one of computation of log-likelihood ratios(LLRs) associated with constellation realization for a specificdemodulation; maximal ratio combining (MRC) filtering,maximum-likelihood (ML) detection, successive interference cancellation(SIC) detection, zero forcing (ZF) and minimum mean square errorestimation (MMSE) detection, or the like. The codec 312 can utilize, atleast in part, mux/demux unit 308 and mod/demod unit 316 to operate inaccordance with aspects described herein.

As is illustrated by FIG. 29, the client device 210 can be utilized as adigital ID badge for an end-user. To that end, the display unit 204 canpresent There may be multiple ID badges stored within MyCard. Forexample, a user may have their digital work ID badge and governmentdriver's license saved. In one aspect, the proper ID may be displayed asneeded. A badge cannot be altered by a mobile user. Further, as isillustrated by FIGS. 49, 50, 51, 52, and 43, and as is described herein,the client device 210 can be utilized as an access key. Digital businessand/or contact card creation, exchange, storage and interactivity mobileapp. Cards may be exchanged from mobile device to mobile device usingwireless connections such as for e.g., NFC, Bluetooth, SMS textmessages, and/or email. The exchanged card may be uploaded into thereceiving MyCard mobile app and saved in the app's contact list. Thiscontact's profile may now contain that contact's digital business card,the GPS location of the exchange, date and time of the exchange, and anynotes the receiving user wanted to add on their new contact.

In some aspects, the client device 210 and other client devicesdescribed herein can serve a business card, as is illustrated in FIG.14. The user may either upload a file of an existing physical businesscard to the mobile app, or create his or her own contact card within themobile app. The functionality provided by the access and identificationcomponent(s) 246 can be activated in accordance with aspects describedherein. After or upon activation, the client device can begin receivingaccess keys and ID badges from the web app.

In some aspects, as is illustrated in FIGS. 30-31, digital business cardtransfer via SMS, NFC, Bluetooth and/or email. Received cards may bestored, or uploaded directly to the MyCard mobile app. Cards (businessor personal contact cards) may be created by either the manager(managing employees/clients) or the mobile user. In addition, as isillustrated in FIG. 30, exchanged contacts can be searched in a contactdatabase, which can be retained in the client device 210 or remotely.′

In some embodiments, contact cards uploaded into the system may reflectdate and time of the exchange, as well as GPS coordinates of the exactplace where the exchange took place. In other embodiments, end-users maysearch for contact cards by people, places, organizations, dates/times,position/titles. In addition, as is illustrated in FIGS. 31, 32, theclient device 210 can cause the display device 210 to present selectablevisual elements representative of options for communication with otherclient devices. Users may communicate with contacts within the MyCardmobile app by for e.g., finding the contact they are searching for andemailing, calling, or texting that client, as well as viewing theirbusiness card and the GPS coordinates of where that exchange took place.See, for example, FIG. 34.

In some aspects, as is illustrated in FIG. 33, upon or after receivingan exchanged contact card, users may add notes to the newcontact—allowing the users to make a digital record of the exchange ormeeting.

In some embodiments, cards may be exported/uploaded to an Excel, Applenumbers, or other type of spreadsheet. In addition, camera module(s) 211can permit or otherwise facilitate taking a picture of a business cardand scan that card image into their own existing card slot or apply itto the card slot of a person they just met and handed them a physicalcard.

As is illustrated in FIG. 50, the main interface of the mobile app maybe a personal badge for the user. This main page may include optionstaking the user to the key and card libraries. The user may choose apersonal image for their “main badge” on the homepage. Like the card andkey libraries, there may be a badge library of saved badges to be pulledby the user. These badges include, but are not limited to work IDbadges, government IDs, school IDs, driver's licenses, boarding passes,concert and venue tickets, etc.

ID badges may include unique barcodes or QR codes (see, e.g., FIG. 53)as would appear on a physical identification. These barcodes attached toone of a user's digital id badges may be read by an appropriate reader.

With further reference to FIG. 2, in some embodiments, the client device210 also can include a location unit 214 that can permit or otherwisefacilitate generating a location estimate of a current location of theclient device 210. In one embodiment, the location unit 214 can beconfigured to receive timing messages from a global navigation system(e.g., global positioning system (GPS)), and to generate the locationestimate using at least the timing messages.

The client device 210 also can include one or more processors 230 andone or more memory devices (collectively referred to as memory 240). Thememory 240 can include one or more access and identification (A&I)component(s) 246 that can configure the processor(s) 230 to provide oneor more functionalities described herein. The A&I component(s) can beexecuted by at least one of the processor(s) 230 and can cause the atleast one processor, and the client device, to provide the one or morefunctionalities. More specifically, in response to execution of the A&Icomponent(s) 246 by at least one of the processor(s) 230, for example,can cause the client device 210 to perform or facilitate operations thatprovide the one or more functionalities described herein.

The memory 240 also can include A&I information 246 that includesmultiple access keys 248 and card information 250. In some embodiments,the multiple access keys 248 can embody or can constitute a library ofaccess keys available to an end-user of the mobile device. In addition,in one of such embodiments, the card information 250 can include a userprofile for the end-user. In other embodiments, card information 250 maybe absent. As mentioned, in one example, at least a first one (or, insome embodiments, each one) of the access keys 248 can be embodied in orcan include an identification badge associated with an end-user of theclient device 210. In addition, at least a second one of the access keys248 can be embodied in or can include an access code for use inattempting access (and, ultimately, being granted access or deniedaccess) to a zone in accordance with this disclosure.

FIG. 4 presents an example of an operational environment 400 foridentification of user devices, according to one or more embodiments ofthe disclosure. The operational environment 400 can include a clientdevice A 210 a and a client device 210 b. Each one of such devices caninclude the functional elements described herein in connection withclient device 210. As is illustrated, the client device A 210 a canestablish a connection with the client device B 210 b. In one example,to establish such a connection, the client device A 210 a can send aconnection request message to connect with the client device B 210 b,and in response, the client device A 210 a can receive a responsemessage (e.g., an ACK message) indicating that the connection isestablished. Establishment of such a connection is represented aspairing 405 in FIG. 4. In some instances, the client device A 210 a cansend the connection request message in response to receiving inputinformation indicative of a selection to exchange contact information(e.g., business information or other type of identification (ID)information). The input information can be received via a GUI displayedat the client device 210 a, for example. In other instances, the clientdevice A 210 a can be configured to broadcast an indication ofavailability to supply contact information. The indication can bebroadcasted wirelessly, within pilot signals. Broadcasting such anindication can permit or otherwise facilitate reaching out to otherclient device(s), including the client device B 210 b, that can beconfigured to “listen” (e.g., monitor wireless signals) for anopportunity to receive, send, or exchange contact information.Therefore, in one aspect, user devices can detect other user devices inproximity and available to exchange contact information regardless of aprior association between such user devices.

After or upon the connection has been established, the client device A210 a can send, to the client device B 210 b, a request message to 410to supply contact information. In response, the client device B 210 bcan send contact information 420. The client device A 210 a can receivethe contact information 420 and can retain at least a portion of thecontact information 420 in a memory device 240 (not shown in FIG. 4) ofthe client device A 210 a.

In addition or in some embodiments, upon or after receiving at least aportion of the contact information 420, the client device 210 a can senda request message 430 to record an exchange of contact information 420.The request message 430 can include location information indicative orotherwise representative of a location of client device A 210 a at thetime of the exchange or at a time shortly (e.g., tens of milliseconds,hundreds of millisecond, a second, a few seconds) after the exchange. Inaddition or in some embodiments, the request message 430 also caninclude a timestamp (or other type of information) indicative of a dateand a time at which the contact information 420 is received.

As is illustrated in FIG. 4, the request message 430 can be sent to aserver device 440 that includes one or more identification units 450 inaccordance with this disclosure. The identification unit(s) 450 can bethe same as or similar to the identification unit(s) 122 a. In oneinstance, the server device 440 can receive the request message 430 and,in response, can determine that a user profile associated with theclient device B 210 b is present in a user repository (e.g., userrepository 150; not shown in FIG. 4). In response, in one aspect, theserver device 440 can generate a record of the exchange (which can bereferred to as a card exchange record) and can retain such a record in acard exchange repository (not shown in FIG. 4). In another instance, theservice device 440 can determine that a user profile associated with theclient device B 210 b is not present or otherwise available in the userrepository. In response, in one aspect, the server device 440 cangenerate a user profile using the at least a contact information of thecontact information 420. The user profile can be associated with theclient device B 210 b. In addition or in the alternative, the serverdevice 440 can generate a record of the exchange and can retain such arecord in the card exchange repository.

The client device A 210 a can operate on card information retained at amemory device of the client device A 210 a and/or the card exchangerepository.

As described herein, whenever zones are accessed—e.g., access denied oraccess granted—an indication of the access occurrence may be logged andsaved in access record repository 152 or any other memory deviceaccessible to a server device, e.g., server device 120 a or serverdevice 120 b. Thus, an audit trail applicable to one or more zones canbe created.

In addition, records indicative of access granted and/or access deniedfor one or more zones and/or one or more user devices (e.g., mobiledevice(s)) can be utilized or otherwise leveraged to generate insightsrelated to access behavior of a user device or a group of user devices.To that end, as is illustrated in FIG. 5, an operation environment 500in accordance with this disclosure can include an insight engine unit510 functionally coupled to user repository 150; access records storage152; zone information storage 154; and/or access rule storage 156. Assuch, in one embodiment, the insight engine unit 510 can determine thata correlation is present between (a) first entry records (first accessgranted records, first access denied records, or a combination thereof)associated with a first zone and (b) second entry records associatedwith a zone. The first zone can include zone 102 a and the second zonecan include zone 102 b. The insight engine unit 510 can send informationindicative of the correlation to server device 120 a and/or serverdevice 120 b. Based on at least one of the correlation, at least one ofa portion of the first entry records, or a portion of the second entryrecords, the server device 120 a and/or server device 120 b canconfigure a second access rule associated with a user profile, thesecond access rule can regulate entry to a third zone. In addition, theserver device(s) that configure the access rule can generate an accesskey indicative of a unique user identifier associated with the userprofile. Such server device(s) can associate the access key with thethird zone, and can send the second access key to the communicationaddress of the mobile computing device.

In addition or in other embodiments, the insight engine 510 can performor otherwise facilitate a data mining process that can include fourgroups of operations: (I) Data selection. Data is pulled into the enginefrom multiple sources. These sources can be log files, external data andeven most likely a database. The selection process typically involvesaggregating these different sources into a single source, normally aflat list of key value pairs. (II) Data preprocessing andtransformation. The preprocessing operations can include normalizing thedata from the selection process, running some basic validation rules andremoving erroneous samples. Transformation is normally applied to thepreprocessed data to prepare the sample set of data for processing inthe next step. Different processing algorithms require differenttransformation. At times these transformations can be as simple as justordering the data by a particular attribute. An example of a morecomplicated transformation might be running further calculations on thesample set producing derived attributes such as a sum of failed unlockedfor a particular user or an average time a particular zone is accessed.

(III) Data analysis (or data mining). This group of operations caninclude the determination of patterns or other types of featurespresents in the pre-processed and transformed data. That end, theinsight engine unit 510 can implement (e.g., perform) numerousalgorithms against a preprocessed and transformed set of data. Suchalgorithms can include various feature detection algorithms. Each one ofthe algorithms can produce different results depending of a specificfeature of interest, such as type of pattern. The algorithm can includeclustering, classification like decision trees, and regression. In oneembodiment, the insight engine can implement a decision tree, which is atype of classification. In such an embodiment, the insight engine unit510 can apply a set of rules to available data, where the set of rulescan be modeled after a defined set of patterns. The defined set ofpatterns can be determined based on an access behavior of interest. Aspart of the implementation of the decision tree, the insight engine unit500 can train one or more of the rules in the defined set of rulesagainst a training set of data. Such rule(s) can be adjusted based atleast on available non-training data.

(IV) Generation of insight and/or interpolation. After or upon a patternis determined or otherwise identified, the insight engine unit canfurther analyze data associated with the pattern. Such further analysiscan permit adjusting a group of algorithms applied by the insight engineunit to extract feature(s) and, ultimately, determine an insight (e.g.,an amount of actionable knowledge. Such adjustment can be implemented inlearning stage of the data analysis. Once we have a set found patternswe can report them in various ways, storing them in a database for laterreview by the system. The system can also at this point perform somepredefined automated actions. As discussed herein, push notifications orother types of notification can be sent to one or more specific devices,for example.

FIG. 6 illustrates example of a computational environment 600 for accesscontrol and identification of a user device, in accordance with one ormore embodiments of the disclosure. The example computationalenvironment 2300 is merely illustrative and is not intended to suggestor otherwise convey any limitation as to the scope of use orfunctionality of the computational environment's architecture. Inaddition, the illustrative computational environment 2300 depicted inFIG. 6 should not be interpreted as having any dependency or requirementrelating to any one or combination of components illustrated in theexample operational environments of the disclosure. The examplecomputational environment 2300 or portions thereof can embody or canconstitute the operational environments described hereinbefore. As such,the computing device 2310 can embody or can constitute, for example, anyof the communication devices or servers (such as the caller analysisserver 140) described herein. In one example, the computing device 2310can be embodied in a portable personal computer or a handheld computingdevice, such as a mobile tablet computer, an electronic-book reader, amobile telephone (e.g., a smartphone), and the like. In another example,the computing device 2310 can be embodied in a wearable computingdevice, such as a watch, goggles or head-mounted visors, or the like. Inyet another example, the computing device 2310 can be embodied inportable consumer electronics equipment, such as a camera, a portabletelevision set, a gaming console, a navigation device, avoice-over-internet-protocol telephone, a media playback device, or thelike.

The computational environment 2300 represents an example implementationof the various aspects or features of the disclosure in which theprocessing or execution of operations described in connection with themanagement of unknown callers in accordance with aspects disclosedherein can be performed in response to execution of one or more softwarecomponents at the computing device 2310. It should be appreciated thatthe one or more software components can render the computing device2310, or any other computing device that contains such components, aparticular machine for the management of unknown callers in accordancewith aspects described herein, among other functional purposes. Asoftware component can be embodied in or can comprise one or morecomputer-accessible instructions, e.g., computer-readable and/orcomputer-executable instructions. In one scenario, at least a portion ofthe computer-accessible instructions can embody and/or can be executedto perform at least a part of one or more of the example methodsdescribed herein, such as the example method presented in FIG. 6. Forinstance, to embody one such method, at least the portion of thecomputer-accessible instructions can be retained (e.g., stored, madeavailable, or stored and made available) in a computer storagenon-transitory medium and executed by a processor. The one or morecomputer-accessible instructions that embody a software component can beassembled into one or more program modules, for example, that can becompiled, linked, and/or executed at the computing device 2310 or othercomputing devices. Generally, such program modules comprise computercode, routines, programs, objects, components, information structures(e.g., data structures and/or metadata structures), etc., that canperform particular tasks (e.g., one or more operations) in response toexecution by one or more processors, which can be integrated into thecomputing device 2310 or functionally coupled thereto.

The various example embodiments of the disclosure can be operationalwith numerous other general purpose or special purpose computing systemenvironments or configurations. Examples of well-known computingsystems, environments, and/or configurations that can be suitable forimplementation of various aspects or features of the disclosure inconnection with the management of unknown callers in accordance withaspects described herein can comprise personal computers; servercomputers; laptop devices; handheld computing devices, such as mobiletablets or e-readers; wearable computing devices; and multiprocessorsystems. Additional examples can include set-top boxes, programmableconsumer electronics, network personal computers (PCs), minicomputers,mainframe computers, blade computers, programmable logic controllers,distributed computing environments that comprise any of the abovesystems or devices, and the like.

As illustrated in FIG. 6, the computing device 610 can comprise one ormore processors 614, one or more input/output (I/O) interfaces 616, amemory 630, and a bus architecture 632 (also termed bus 632) thatfunctionally couples various functional elements of the computing device610. In certain embodiments, the computing device 610 can include,optionally, a radio unit 612. The radio unit 612 can include one or moreantennas and a communication processing unit that can permit wirelesscommunication between the computing device 610 and another device, suchas one of the computing device(s) 670. The bus 632 can include at leastone of a system bus, a memory bus, an address bus, or a message bus, andcan permit the exchange of information (data, metadata, and/orsignaling) between the processor(s) 614, the I/O interface(s) 616,and/or the memory 630, or respective functional elements therein. Incertain scenarios, the bus 632 in conjunction with one or more internalprogramming interfaces 650 (also referred to as interface(s) 650) canpermit such exchange of information. In scenarios in which theprocessor(s) 614 include multiple processors, the computing device 610can utilize parallel computing.

The I/O interface(s) 616 can permit communication of information betweenthe computing device and an external device, such as another computingdevice, e.g., a network element or an end-user device. Suchcommunication can include direct communication or indirectcommunication, such as the exchange of information between the computingdevice 610 and the external device via a network or elements thereof. Asillustrated, the I/O interface(s) 616 can comprise one or more ofnetwork adapter(s) 618, peripheral adapter(s) 622, and display unit(s)626. Such adapter(s) can permit or facilitate connectivity between theexternal device and one or more of the processor(s) 614 or the memory630. For example, the peripheral adapter(s) 622 can include a group ofports, which can include at least one of parallel ports, serial ports,Ethernet ports, V.35 ports, or X.21 ports. In certain embodiments, theparallel ports can comprise General Purpose Interface Bus (GPM),IEEE-1284, while the serial ports can include Recommended Standard(RS)-232, V.11, Universal Serial Bus (USB), FireWire or IEEE-1394.

In one aspect, at least one of the network adapter(s) 618 canfunctionally couple the computing device 610 to one or more computingdevices 670 via one or more traffic and signaling pipes 660 that canpermit or facilitate the exchange of traffic 662 and signaling 664between the computing device 610 and the one or more computing devices670. Such network coupling provided at least in part by the at least oneof the network adapter(s) 618 can be implemented in a wired environment,a wireless environment, or both. The information that is communicated bythe at least one of the network adapter(s) 618 can result from theimplementation of one or more operations of a method in accordance withaspects of this disclosure. Such output can be any form of visualrepresentation, including, but not limited to, textual, graphical,animation, audio, tactile, and the like. In certain scenarios, each ofthe computing device(s) 670 can have substantially the same architectureas the computing device 610. In addition or in the alternative, thedisplay unit(s) 626 can include functional elements (e.g., lights, suchas light-emitting diodes; a display, such as a liquid crystal display(LCD), a plasma monitor, a light-emitting diode (LED) monitor, or anelectrochromic monitor; combinations thereof; or the like) that canpermit control of the operation of the computing device 610, or canpermit conveying or revealing the operational conditions of thecomputing device 610.

In one aspect, the bus 632 represents one or more of several possibletypes of bus structures, including a memory bus or a memory controller,a peripheral bus, an accelerated graphics port, and a processor or localbus using any of a variety of bus architectures. As an illustration,such architectures can comprise an Industry Standard Architecture (ISA)bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus,a Video Electronics Standards Association (VESA) local bus, anAccelerated Graphics Port (AGP) bus, a Peripheral Component Interconnect(PCI) bus, a PCI-Express bus, a Personal Computer Memory CardInternational Association (PCMCIA) bus, a Universal Serial Bus (USB),and the like. The bus 632, and all buses described herein can beimplemented over a wired or wireless network connection and each of thesubsystems, including the processor(s) 614, the memory 630 and memoryelements therein, and the I/O interface(s) 616 can be contained withinone or more remote computing devices 670 at physically separatelocations, connected through buses of this form, in effect implementinga fully distributed system. In certain embodiments, such a distributedsystem can implement the functionality described herein in a client-hostor client-server configuration in which the access and identificationcomponent(s) 636 or the access and identification information 640, orboth, can be distributed between the computing device 610 and at leastone of the computing device(s) 670, and the computing device 610 and atleast one of the computing device(s) 670 can execute such componentsand/or leverage such information. It should be appreciated that, in anembodiment in which the computing device 610 embodies or constitutes aclient device (e.g., client device 210), the access and identificationcomponent(s) 636 can be different from those in an embodiment in whichthe computing device 610 embodies or constitutes a server device (e.g.,server device 160, server device 120 a, or server device 120 b) or aninterface unit 140 in accordance with aspects of this disclosure.

The computing device 610 can comprise a variety of computer-readablemedia. Computer-readable media can be any available media (transitoryand non-transitory) that can be accessed by a computing device. In oneaspect, computer-readable media can comprise computer non-transitorystorage media (or computer-readable non-transitory storage media) andcommunications media. Example computer-readable non-transitory storagemedia can be any available media that can be accessed by the computingdevice 610, and can comprise, for example, both volatile andnon-volatile media, and removable and/or non-removable media. In oneaspect, the memory 630 can comprise computer-readable media in the formof volatile memory, such as random access memory (RAM), and/ornon-volatile memory, such as read-only memory (ROM).

The memory 630 can comprise functionality instructions storage 634 andfunctionality information storage 638. The functionality instructionsstorage 634 can comprise computer-accessible instructions that, inresponse to execution (by at least one of the processor(s) 614), canimplement one or more of the functionalities of the disclosure. Thecomputer-accessible instructions can embody or can comprise one or moresoftware components illustrated as access and identificationcomponent(s) 636. In one scenario, execution of at least one componentof the access and identification component(s) 636 can implement one ormore of the methods described herein, such as the example methods 700,750, 800, 900, 1000, 1100, 1200, and 1300. For instance, such executioncan cause a processor (e.g., one of the processor(s) 614) that executesthe at least one component to carry out a disclosed example method. Itshould be appreciated that, in one aspect, a processor of theprocessor(s) 614 that executes at least one of the access andidentification component(s) 636 can retrieve information from or retaininformation in one or more memory elements 640 in the functionalityinformation storage 638 in order to operate in accordance with thefunctionality programmed or otherwise configured by the access andidentification component(s) 636. The one or more memory elements 640 mayembody at least some of the repositories coupled to the interface unit140. Such elements may be referred to as access and identificationinformation and can include at least one of code instructions,information structures, or the like. For instance, at least a portion ofsuch information structures can be indicative or otherwiserepresentative of elements retained in the repositories functionallycoupled to the interface 140, in accordance with aspects describedherein.

At least one of the one or more interfaces 650 (e.g., applicationprogramming interface(s)) can permit or facilitate communication ofinformation between two or more components within the functionalityinstructions storage 634. The information that is communicated by the atleast one interface can result from implementation of one or moreoperations in a method of the disclosure. In certain embodiments, one ormore of the functionality instructions storage 634 and the functionalityinformation storage 638 can be embodied in or can compriseremovable/non-removable, and/or volatile/non-volatile computer storagemedia.

At least a portion of at least one of the access and identificationcomponent(s) 636 or the access and identification information 640 canprogram or otherwise configure one or more of the processors 614 tooperate at least in accordance with the functionality described herein.One or more of the processor(s) 614 can execute at least one of theaccess and identification component(s) 636 and leverage at least aportion of the information in the functionality information storage 638in order to provide access control and identification of user devices inaccordance with one or more aspects described herein.

It should be appreciated that, in certain scenarios, the functionalityinstructions storage 634 can embody or can comprise a computer-readablenon-transitory storage medium having computer-accessible instructionsthat, in response to execution, cause at least one processor (e.g., oneor more of the processor(s) 614) to perform a group of operationscomprising the operations or blocks described in connection with thedisclosed methods.

In addition, the memory 630 can comprise computer-accessibleinstructions and information (e.g., data, metadata, and/or programmingcode instructions) that permit or facilitate the operation and/oradministration (e.g., upgrades, software installation, any otherconfiguration, or the like) of the computing device 610. Accordingly, asillustrated, the memory 630 can comprise a memory element 642 (labeledoperating system (OS) instruction(s) 642) that contains one or moreprogram modules that embody or include one or more operating systems,such as Windows operating system, Unix, Linux, Symbian, Android,Chromium, and substantially any OS suitable for mobile computing devicesor tethered computing devices. In one aspect, the operational and/orarchitectural complexity of the computing device 610 can dictate asuitable OS. The memory 630 also comprises a system information storage646 having data, metadata, and/or programming code that permits orfacilitates the operation and/or administration of the computing device610. Elements of the OS instruction(s) 642 and the system informationstorage 646 can be accessible or can be operated on by at least one ofthe processor(s) 614.

It should be recognized that while the functionality instructionsstorage 634 and other executable program components, such as the OSinstruction(s) 642, are illustrated herein as discrete blocks, suchsoftware components can reside at various times in different memorycomponents of the computing device 610, and can be executed by at leastone of the processor(s) 614. In certain scenarios, an implementation ofthe access and identification component(s) 636 can be retained on ortransmitted across some form of computer-readable media.

The computing device 610 and/or one of the computing device(s) 670 caninclude a power supply (not shown), which can power up components orfunctional elements within such devices. The power supply can be arechargeable power supply, e.g., a rechargeable battery, and it caninclude one or more transformers to achieve a power level suitable forthe operation of the computing device 610 and/or one of the computingdevice(s) 670, and components, functional elements, and relatedcircuitry therein. In certain scenarios, the power supply can beattached to a conventional power grid to recharge and ensure that suchdevices can be operational. In one aspect, the power supply can includean I/O interface (e.g., one of the network adapter(s) 618) to connectoperationally to the conventional power grid. In another aspect, thepower supply can include an energy conversion component, such as a solarpanel, to provide additional or alternative power resources or autonomyfor the computing device 610 and/or one of the computing device(s) 670.

The computing device 610 can operate in a networked environment byutilizing connections to one or more remote computing devices 670. As anillustration, a remote computing device can be a personal computer, aportable computer, a server, a router, a network computer, a peer deviceor other common network node, and so on. As described herein,connections (physical and/or logical) between the computing device 610and a computing device of the one or more remote computing devices 670can be made via one or more traffic and signaling pipes 660, which cancomprise wired link(s) and/or wireless link(s) and several networkelements (such as routers or switches, concentrators, servers, and thelike) that form a LAN, a MAN, a WAN, and/or other networks (wireless orwired) having different footprints. Such networking environments areconventional and commonplace in dwellings, offices, enterprise-widecomputer networks, intranets, local area networks, and wide areanetworks.

In some embodiments, access keys may be received by barcode/QR codescanners, Bluetooth readers, chip readers, radio signal readers, amongother electronic receiving and processing devices. The reader devices(also referred to as beacon devices)—whichever type they may be (orlocation of installment) may be functionally coupled (e.g., wirelesslycoupled) to a client device.

The functionality of client devices (e.g., user device 110, clientdevice 210) and server devices (e.g., server device 120 a or serverdevice 120 b) can be leveraged or utilized in multiple scenarios. Insome embodiments, as is illustrated in FIGS. 40-47, such functionalitycan be utilized or otherwise leveraged in a housing unit for a receiverdevice controlled in accordance with aspects of this disclosure, e.g.,the functionality of server devices of this disclosure. The housing unitmay be configured to interact with the mobile app. In an embodiment, thehousing unit may interact with the mobile app via at least one barcodescanner in the unit connected to a computing device such that the atleast one barcode scanner or scanner responds to a signal from themobile app to for e.g., unlock a door of a house. In some embodiments,multiple housing units may be secured to different areas in a house.

In view of the aspects described herein, various techniques for accesscontrol and/or identification of user devices (e.g., mobile computingdevices) can be implemented in accordance with the disclosure. Anexample of such techniques can be better appreciated with reference tothe diagrams (flowcharts and callflows) in FIGS. 7A-13. For purposes ofsimplicity of explanation, the examples of the method disclosed herein,with reference to such drawings, are presented and described as a seriesof blocks (with each block representing an action or an operation in amethod, for example). However, it is to be understood and appreciatedthat such an example method or any other technique is not limited by theorder of blocks and associated actions or operations, as some blocks mayoccur in different orders and/or concurrently with other blocks fromthose that are shown and described herein. For example, the methods (orprocesses or techniques) in accordance with this disclosure can bealternatively represented as a series of interrelated states or events,such as in a state diagram. Furthermore, not all illustrated blocks, andassociated action(s), may be required to implement a method inaccordance with one or more aspects of the disclosure. Further yet, twoor more of the disclosed methods or processes can be implemented incombination with each other, to accomplish one or more features oradvantages described herein.

It should be appreciated that the techniques of the disclosure can beretained on an article of manufacture, or computer-readable medium, topermit or facilitate transporting and transferring such methods to acomputing device (e.g., a desktop computer; a mobile computer, such as atablet, or a smartphone; a gaming console, a mobile telephone; a bladecomputer; a programmable logic controller, and the like) for execution,and thus implementation, by a processor of the computing device or forstorage in a memory thereof or functionally coupled thereto. In oneaspect, one or more processors, such as processor(s) that implement(e.g., execute) one or more of the disclosed techniques, can be employedto execute code instructions retained in a memory, or any computer- ormachine-readable medium, to implement the one or more methods. The codeinstructions can provide a computer-executable or machine-executableframework to implement the techniques described herein.

FIGS. 7A-24-25 illustrate examples of methods for access control and/oridentification of user devices, responses in accordance with one or moreembodiments of the disclosure. More specifically, FIG. 7A presents anexample of a method 700 for generating an access rule in accordance withone or more embodiments of the present disclosure. The example method700 can be implemented by one or more computing devices. At block 702,the one or more computing devices can receive selection informationindicative of a first zone. At block 704, the one or more computingdevices can receive first information of a start time and an end time.At block 706, the one or more computing devices can receive secondinformation indicative of a user device. At block 708, the one or morecomputing devices can determine if the first information and the secondinformation are valid. In response to a negative determination (“No”branch), the one or more computing devices can send an error message atblock 710. In the alternative, in response to a positive determination(“Yes” branch), the one or more computing devices can generate a recordof an access rule based at least on the first information and the secondinformation at block 712. At block 714, the one or more computingdevices can store the record of the access rule. At block 716, the oneor more computing devices can send a notification to the user device inaccordance with aspects of this disclosure.

FIG. 7B presents an example of a method 750 for generating an accessrule, according to one or more embodiments of the present disclosure.The example method 750 can be implemented by one or more computingdevices. At block 752, the one or more computing devices can receiveselection information indicative of a user device. At block 754, the oneor more computing devices can receive first information indicative of astart time and an end time. At block 756, the one or more computingdevices can receive second information indicative of a zone. At block758, the one or more computing devices can determine if the firstinformation and the second information are valid. In response to anegative determination (“No” branch), the one or more computing devicescan send an error message at block 760. In the alternative, in responseto a positive determination (“Yes” branch), the one or more computingdevices can generate a record of an access rule based at least on thefirst information and the second information at block 762. At block 764,the one or more computing devices can store the record of the accessrule. At block 766, the one or more computing devices can send anotification to the user device in accordance with aspects of thisdisclosure.

FIG. 8 presents an example of a method 800 for changing access rules,according to one or more embodiments of the present disclosure. Theexample method 800 can be implemented by one or more computing devices.At block 810, the one or more devices can determine if a criterion toupdate an access rule for a zone and user device is satisfied. Inresponse to an affirmative determination (“Yes” branch), the one or morecomputing devices can update the access rule at block 820. At block 830,the one or more computing devices can send a notification to the userdevice. In response to a negative determination, the one or morecomputing devices can determine if a criterion to delete a second accessrule for a second zone and a second user device is satisfied. Inresponse to a negative determination (e.g., “No” branch), the flow canreturn to block 810. In response to an affirmative determination (“Yes”branch), the one or more computing devices can delete the second accessrule at block 850. At block 860, the one or more computing devices cansend a notification to the second user device.

FIG. 9 presents an example of a method 900 for activating a clientdevice for access control and identification, according to one or moreembodiments of the present disclosure. At block 912, a client device A910 can receive input information indicative of a selection to exchangecontact information (e.g., a business card) with another client device(e.g., user device 110). At block 914, the client device 910 candetermine if the exchange is a manual exchange or an automated exchange.In response to the exchange being manual (“Manual” branch), the clientdevice A 910 can receive second input information indicative of contactinformation. At 926, the client device A 910 can send a request torecord the exchange of information. The request can include locationinformation, such as a GPS location estimate, representative of thelocation of the device at the time or nearly at the time the informationis exchanged. In the alternative, in response to an automated exchange(“Auto” branch), the client device 910 and a client device B 920 canestablish a connection by pairing or otherwise attaching to each other.

After or upon the connection is established, at 922, the client device B920 can send contact information. In response to the contact information(e.g., name(s), address, place of business, etc.), the server device 930can determine, at block 928, if the client device B 920 has anassociated user profile (e.g., one of the user profiles retained in userrepository 150. In response to a positive determination (“Yes” branch),at block 932, the server device 930 can generate a record of theexchange of the contact information. At block 938, the server device 930can store the record of the exchange of the contact information. Inresponse to a negative determination (“No” branch) the server device 930can generate a user record associated with the client device B. At block940, the server device 930 can generate a record of the exchange.

FIG. 10 presents an example of a method 1000 for exchanging contactinformation, according to one or more embodiments of the presentdisclosure. As is illustrated, at block 1012, a server device 1012 canreceive input information indicative of an email address. At block 1014,the server device 1010 can determine that a record of the email addressis available. For instance, the server device can determine that theemail address is available in a user profile retained in user repository150. At 1016, the server device can send an email to the email address.The email can include an activation code (e.g., a numeric code or analphanumeric code). A client device 1020 can receive the email and, at1018, the client device 1020 can send a response email to the serverdevice 1010. The response email can include the email address and theactivation code. At block 1030, the server device 1010 can validate theemail address and the activation code. At block 1040, the server devicecan activate the client device 1020.

FIG. 11 presents an example of a method 1100 for interaction between aclient device 1110 and a beacon device 1120, according to one or moreembodiments of the present disclosure. At block 1112, the client device1110 and the beacon device 1120 (e.g., beacon device 104 a or beacondevice 104 b) can establish a connection for wireless communicationbetween such devices. At block 1114, the beacon device 1120 candetermine if the client device is authorized for beacon device 1120. Inresponse to a negative determination, at 1116, the beacon device 1120can send, to the server device 1130, a notification or another type ofindication of successful access activity. In response to a positivedetermination, at 1118, the beacon device 1120 can send, to the serverdevice 1130, a notification or another type of indication of deniedaccess activity. At 1120, the server device 1130 can send an accessnotification or another type of indication to the client device 1110. Atblock 1122, the client device 1110 can present one or more visualelements indicative of access activity.

FIG. 12 presents an example of a method 1200 for notifying a clientdevice, according to one or more embodiments of the present disclosure.One or more computing devices can implement (e.g., execute) at least aportion of the method 1200. At block 1210, the one or more computingdevices can receive a notification request. At block 1220, the one ormore computing devices, the one or more computing devices can determinea type notification, e.g., an email notification or a push notification.For a push notification (“Push” branch), the one or more computingdevices can determine access information indication of one or moredestination devices. At block 1250, the one or more computing devicescan send a request for notification to a notification system. For anemail notification (“Email” branch), the one or more computing devicescan access an email address associated with a user profile related tothe notification. At block 1260, the one or more computing devices cancompose or otherwise generate an email notification. At block 1270, theone or more computing devices can send the email notification via anemail service.

FIG. 13 presents an example of a method 1300 for determining featuresfrom data associated with access control and identification, accordingto one or more embodiments of the present disclosure. The example method1300 can be implemented by one or more computing devices. In oneexample, such devices can embody or can constitute the insight engineunit 510. At block 1310, the one or more computing device can selectdata including information indicative of access activity to a zone. Atblock 1320, the one or more computing devices can normalize the data. Atblock 1330, the one or more computing devices can order data by zone(e.g., zone 102 a or zone 102 b). At block 1340, the one or morecomputing devices can transform the ordered data. At block 1350, the oneor more computing devices can determine one or more patterns within thetransformed data. At block 1360, the one or more computing device canevaluate at least one of the one or more patterns.

Various embodiments of the disclosure may take the form of an entirelyor partially hardware embodiment, an entirely or partially softwareembodiment, or a combination of software and hardware (e.g., a firmwareembodiment). Furthermore, as described herein, various embodiments ofthe disclosure (e.g., methods and systems) may take the form of acomputer program product comprising a computer-readable non-transitorystorage medium having computer-accessible instructions (e.g.,computer-readable and/or computer-executable instructions) such ascomputer software, encoded or otherwise embodied in such storage medium.Those instructions can be read or otherwise accessed and executed by oneor more processors to perform or permit the performance of theoperations described herein. The instructions can be provided in anysuitable form, such as source code, compiled code, interpreted code,executable code, static code, dynamic code, assembler code, combinationsof the foregoing, and the like. Any suitable computer-readablenon-transitory storage medium may be utilized to form the computerprogram product. For instance, the computer-readable medium may includeany tangible non-transitory medium for storing information in a formreadable or otherwise accessible by one or more computers orprocessor(s) functionally coupled thereto. Non-transitory storage mediacan include read-only memory (ROM); random access memory (RAM); magneticdisk storage media; optical storage media; flash memory, etc.

Embodiments of the operational environments and methods (or techniques)are described herein with reference to block diagrams and flowchartillustrations of methods, systems, apparatuses and computer programproducts. It can be understood that each block of the block diagrams andflowchart illustrations, and combinations of blocks in the blockdiagrams and flowchart illustrations, respectively, can be implementedby computer-accessible instructions. In certain implementations, thecomputer-accessible instructions may be loaded or otherwise incorporatedinto a general purpose computer, special purpose computer, or otherprogrammable information processing apparatus to produce a particularmachine, such that the operations or functions specified in theflowchart block or blocks can be implemented in response to execution atthe computer or processing apparatus.

Unless otherwise expressly stated, it is in no way intended that anyprotocol, procedure, process, or method set forth herein be construed asrequiring that its acts or steps be performed in a specific order.Accordingly, where a process or a method claim does not actually recitean order to be followed by its acts or steps or it is not otherwisespecifically recited in the claims or descriptions of the subjectdisclosure that the steps are to be limited to a specific order, it isin no way intended that an order be inferred, in any respect. This holdsfor any possible non-express basis for interpretation, including:matters of logic with respect to the arrangement of steps or operationalflow; plain meaning derived from grammatical organization orpunctuation; the number or type of embodiments described in thespecification or annexed drawings, or the like.

As used in this application, the terms “component,” “environment,”“system,” “architecture,” “interface,” “unit,” “module,” “pipe,” and thelike are intended to refer to a computer-related entity or an entityrelated to an operational apparatus with one or more specificfunctionalities. Such entities may be either hardware, a combination ofhardware and software, software, or software in execution. As anexample, a component may be, but is not limited to being, a processrunning on a processor, a processor, an object, an executable portion ofsoftware, a thread of execution, a program, and/or a computing device.For example, both a software application executing on a computing deviceand the computing device can be a component. One or more components mayreside within a process and/or thread of execution. A component may belocalized on one computing device or distributed between two or morecomputing devices. As described herein, a component can execute fromvarious computer-readable non-transitory media having various datastructures stored thereon. Components can communicate via local and/orremote processes in accordance, for example, with a signal (eitheranalogic or digital) having one or more data packets (e.g., data fromone component interacting with another component in a local system,distributed system, and/or across a network such as a wide area networkwith other systems via the signal). As another example, a component canbe an apparatus with specific functionality provided by mechanical partsoperated by electric or electronic circuitry that is controlled by asoftware application or firmware application executed by a processor,wherein the processor can be internal or external to the apparatus andcan execute at least a part of the software or firmware application. Asyet another example, a component can be an apparatus that providesspecific functionality through electronic components without mechanicalparts, and the electronic components can include a processor therein toexecute software or firmware that provides, at least in part, thefunctionality of the electronic components. In certain embodiments,components can communicate via local and/or remote processes inaccordance, for example, with a signal (either analog or digital) havingone or more data packets (e.g., data from one component interacting withanother component in a local system, distributed system, and/or across anetwork such as a wide area network with other systems via the signal).In other embodiments, components can communicate or otherwise be coupledvia thermal, mechanical, electrical, and/or electromechanical couplingmechanisms (such as conduits, connectors, combinations thereof, or thelike). An interface can include input/output (I/O) components as well asassociated processors, applications, and/or other programmingcomponents. The terms “component,” “environment,” “system,”“architecture,” “interface,” “unit,” “module,” and “pipe” can beutilized interchangeably and can be referred to collectively asfunctional elements.

As utilized in this disclosure, the term “processor” can refer to anycomputing processing unit or device comprising single-core processors;single processors with software multithread execution capability;multi-core processors; multi-core processors with software multithreadexecution capability; multi-core processors with hardware multithreadtechnology; parallel platforms; and parallel platforms with distributedshared memory. Additionally, a processor can refer to an integratedcircuit (IC), an application-specific integrated circuit (ASIC), adigital signal processor (DSP), a field programmable gate array (FPGA),a programmable logic controller (PLC), a complex programmable logicdevice (CPLD), a discrete gate or transistor logic, discrete hardwarecomponents, or any combination thereof designed to perform the functionsdescribed herein. A processor can be implemented as a combination ofcomputing processing units. In certain embodiments, processors canutilize nanoscale architectures such as, but not limited to, molecularand quantum-dot based transistors, switches and gates, in order tooptimize space usage or enhance the performance of user equipment orother electronic equipment.

In addition, in the present specification and annexed drawings, termssuch as “store,” “storage,” “data store,” “data storage,” “memory,”“repository,” and substantially any other information storage componentrelevant to the operation and functionality of a component of thedisclosure, refer to “memory components,” entities embodied in a“memory,” or components forming the memory. It can be appreciated thatthe memory components or memories described herein embody or comprisenon-transitory computer storage media that can be readable or otherwiseaccessible by a computing device. Such media can be implemented in anymethods or technology for storage of information such ascomputer-readable instructions, information structures, program modules,or other information objects. The memory components or memories can beeither volatile memory or non-volatile memory, or can include bothvolatile and non-volatile memory. In addition, the memory components ormemories can be removable or non-removable, and/or internal or externalto a computing device or component. Examples of various types ofnon-transitory storage media can include hard-disc drives, zip drives,CD-ROMs, digital versatile disks (DVDs) or other optical storage,magnetic cassettes, magnetic tape, magnetic disk storage or othermagnetic storage devices, flash memory cards or other types of memorycards, cartridges, or any other non-transitory medium suitable to retainthe desired information and which can be accessed by a computing device.

As an illustration, non-volatile memory can include read only memory(ROM), programmable ROM (PROM), electrically programmable ROM (EPROM),electrically erasable programmable ROM (EEPROM), or flash memory.Volatile memory can include random access memory (RAM), which acts asexternal cache memory. By way of illustration and not limitation, RAM isavailable in many forms such as synchronous RAM (SRAM), dynamic RAM(DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM),enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and direct Rambus RAM(DRRAM). The disclosed memory components or memories of the operationalor computational environments described herein are intended to includeone or more of these and/or any other suitable types of memory.

Conditional language, such as, among others, “can,” “could,” “might,” or“may,” unless specifically stated otherwise, or otherwise understoodwithin the context as used, is generally intended to convey that certainimplementations could include, while other implementations do notinclude, certain features, elements, and/or operations. Thus, suchconditional language generally is not intended to imply that features,elements, and/or operations are in any way required for one or moreimplementations or that one or more implementations necessarily includelogic for deciding, with or without user input or prompting, whetherthese features, elements, and/or operations are included or are to beperformed in any particular implementation.

What has been described herein in the present specification and annexeddrawings includes examples of systems, devices, and techniques that canprovide access control and/or identification of user devices. It is, ofcourse, not possible to describe every conceivable combination ofelements and/or methods for purposes of describing the various featuresof the disclosure, but it can be recognized that many furthercombinations and permutations of the disclosed features are possible.Accordingly, it may be apparent that various modifications can be madeto the disclosure without departing from the scope or spirit thereof. Inaddition or in the alternative, other embodiments of the disclosure maybe apparent from consideration of the specification and annexeddrawings, and practice of the disclosure as presented herein. It isintended that the examples put forward in the specification and annexeddrawings be considered, in all respects, as illustrative and notrestrictive. Although specific terms are employed herein, they are usedin a generic and descriptive sense only and not for purposes oflimitation.

What is claimed is:
 1. A computing system, comprising: at least one memory device having instructions encoded thereon; and at least one processor coupled to the at least one memory device and configured, by the instructions, at least to: configure a zone associated with a point-of-entry device; generate a user record including a communication address and first user information; configure an access rule using at least the user record, the access rule regulates entry to the zone; send an activation code to the communication address; receive second user information generated at a mobile computing device in response to the activation code, the second user information including a communication address of the mobile computing device; generate a user profile using at least one of the user record or the second user information, the user profile includes the communication address of the mobile computing device; associate the access rule with the user profile; generate an access key indicative of a unique user identifier associated with the user profile; associate the access key with the zone; and send the access key to the communication address of the mobile computing device.
 2. The computing system of claim 1, wherein to configure the access rule, the at least one processor is further configured to generate a schedule for authorized entry to the zone, the schedule being one of a daily schedule having a recurring group of authorized periods over a 24 hour interval; a weekly schedule having a second recurring group of authorized periods over seven days; a monthly schedule having a third recurring group of authorized periods over a month; a defined non-recurring authorized period.
 3. The computing system of claim 1, wherein to configure the access rule, the at least one processor is further configured to receive input information indicative of a schedule for authorized entry to the zone; to generate the access rule using the input information; to validate the access rule; and to store the access rule in a first memory device of the at least one memory device.
 4. The computing system of claim 1, wherein the access key comprises one of a linear barcode or a matrix barcode.
 5. The computing system of claim 1, wherein the at least one processor is further configured to determine that a first rule is satisfied, and to update the access rule.
 6. The computing system of claim 5, wherein the at least one processor is further configured to determine that a second rule is satisfied, and to delete the access rule.
 7. The computing system of claim 1, wherein the at least one processor is further configured to determine that a correlation is present between first entry records associated with the zone and second entry records associated with a second zone; to configure a second access rule associated that regulates entry to a third zone using at least one of a portion of the first entry records or a portion of the second entry records; to generate a second access key indicative of the unique user identifier associated with the user profile; to associate the second access key with the third zone; and to send the second access key to the communication address of the mobile computing device.
 8. The computing system of claim 1, wherein the at least one processor is further configured to provide a notification that the access rule is configured.
 9. The computing system of claim 8, wherein the notification comprises a push notification, and wherein to provide the notification, the at least one processor is further configured to determine one or more communication addresses of respective one or more mobile computing devices associated with the user profile, and send a notification request to a messaging system to deliver the push notification, the notification request including the one or more communication addresses.
 10. The computing system of claim 8, wherein the notification comprises an email notification, and wherein to provide the notification, the at least one processor is further configured to determine an email addresses associated with the user profile; generate an the email notification; and send the email notification to the email address.
 11. The computing system of claim 1, wherein the at least one processor is further configured to receive a first indication of granted entry to the zone or a second indication of denied entry to the zone, and to store in a first memory device of the at least one memory device the first indication and the second indication.
 12. The computing device of claim 1, wherein to associate the access rule with the user profile, the at least one processor is further configured to define a relationship between the user profile and the access rule.
 13. The computing device of claim 1, wherein to associate the access rule with the user profile, the at least one processor is further configured to update the user profile to include the access rule.
 14. The computing system of claim 1, wherein the mobile computing device is configured to transmit first wireless signals and receive second wireless signals according to one or more defined protocols of a radio technology, the mobile computing device comprising one or more antennas and a communication processing unit, wherein the one or more antennas receive the second wireless signals and the radio unit processes the second wireless signals, and wherein the communication processing unit processes digital signals to generate the second wireless signals and the one or more antennas transmit the second wireless signals.
 15. The computing system of claim 14, wherein the mobile computing device comprises a smartphone, tablet computer, a wearable device, a keyfob, or a pocket card.
 16. The computing system of claim 15, wherein the radio technology includes 3G, Long Term Evolution (LTE), LTE-Advanced, 5G, IEEE 802.11, IEEE 802.16, Bluetooth, ZigBee, or near-field communication (NFC).
 17. The computing system of claim 1, wherein the point-of-entry device comprises a locking device configured to exchange wireless signals with the mobile computing device according to one or more defined protocols of a radio technology.
 18. The computing system of claim 17, wherein the radio technology comprises Bluetooth, and the locking device comprises a Bluetooth locking pad. 